Royal Road Analysis

IOB - Indicator of Behavior (175)

Language

  • en: 144
  • it: 8
  • fr: 8
  • es: 8
  • de: 6

Country / Region

  • us: 90
  • it: 10
  • ru: 8
  • pl: 8
  • ca: 8

Products

  • Microsoft Windows: 10
  • WordPress: 6
  • Drobo 5N2 NAS: 4
  • Microsoft IIS: 4
  • OpenSSH: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 0.40 | CVE-2020-12440 |
| 2 | MidiCart PHP Shopping Cart item_show.php SQL injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.05 | |
| 3 | WordPress Private Post privilege escalation | 4.6 | 4.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00272 | 0.03 | CVE-2020-11028 |
| 4 | Apache HTTP Server mod_rewrite Redirect | 6.7 | 6.7 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.00258 | 0.00 | CVE-2020-1927 |
| 5 | ProFTPD mod_copy privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.94462 | 0.00 | CVE-2019-12815 |
| 6 | Microsoft Exchange Server privilege escalation | 8.5 | 7.6 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.03563 | 0.00 | CVE-2021-26412 |
| 7 | Gempar Script Toko Online shop_display_products.php SQL injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00100 | 0.02 | CVE-2009-0296 |
| 8 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 9 | Mihalism Multi Host users.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00152 | 0.00 | CVE-2008-0714 |
| 10 | Microsoft IIS cross-site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.06 | CVE-2017-0055 |
| 11 | Mailman privilege escalation | 6.5 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00160 | 0.00 | CVE-2018-13796 |
| 12 | WordPress Thumbnail privilege escalation | 7.5 | 7.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00990 | 0.03 | CVE-2018-1000773 |
| 13 | XenForo privilege escalation | 8.6 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.02 | |
| 14 | DCP-Portal forums.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.00 | |
| 15 | Ideal BB.NET forums.aspx cross-site scripting | 3.5 | 3.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 | |
| 16 | logwatch logwatch.pl privilege escalation | 9.8 | 9.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.05151 | 0.03 | CVE-2011-1018 |
| 17 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.10737 | 0.54 | CVE-2016-6210 |
| 18 | Apache Shiro API directory traversal | 8.0 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00071 | 0.05 | CVE-2023-34478 |
| 19 | Subversion svn+ssh:/ URL privilege escalation | 8.0 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.12851 | 0.03 | CVE-2017-9800 |
| 20 | Apache Subversion mod_authz_svn authenticated information disclosure | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00380 | 0.03 | CVE-2015-3184 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Royal Road

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

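| ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 138.68.133.211 | share.sawblade.org.uk | Royal Road | Royal Road | 2020-12-22 | verified | |
| 2 | XXX.XXX.XX.XX | | Xxxxx Xxxx | Xxxxx Xxxx | 2020-12-22 | verified | |
| 3 | XXX.XXX.XX.X | | Xxxxx Xxxx | Xxxxx Xxxx | 2020-12-22 | verified | |
| 4 | XXX.XX.X.XXX | xxx.xx.x.xxx.xxxxx.xxx | Xxxxx Xxxx | Xxxxx Xxxx | 2020-12-22 | verified | |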

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (92)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (2)

The following list contains external sources which discuss the actor and the associated activities:
